#25090 closed defect (worksforme)
Make sure IPFS & co in addons are shoved up through Tor and don't leak in ESR60
| Reported by: | cypherpunks | Owned by: | tbb-team |
|---|---|---|---|
| Priority: | Medium | Milestone: | |
| Component: | Applications/Tor Browser | Version: | |
| Severity: | Normal | Keywords: | ff60-esr, tbb-proxy-bypass |
| Cc: | arthuredelstein | Actual Points: | |
| Parent ID: | Points: | ||
| Reviewer: | Sponsor: |
Description
Starting from FF59,
https://blog.mozilla.org/addons/2018/01/26/extensions-firefox-59/
Support for Decentralization Protocols
Mozilla has always been a proponent of decentralization, recognizing that it is a key ingredient of a healthy Internet. Starting with Firefox 59, several protocols that support decentralized architectures are approved for use by extensions. The newly approved protocols are:
- Dat Project (dat://)
- IPFS (dweb:// ipfs:// ipns://)
- Secure Scuttlebutt (ssb://)
Firefox itself does not implement these protocols, but having them on the approved list means the browser recognizes them as valid protocols and extensions are free to provide implementations.
Firefox will allow addons to support IPFS, ..etc. There's a need to be sure that all those things when implemented in addons are shoved up through Tor and don't leak.
Child Tickets
Change History (5)
comment:1 follow-up: 2 Changed 8 months ago by
comment:2 Changed 8 months ago by
Replying to cypherpunks:
I think these protocols would just increase the surface of attack. We can't trust file:// in firefox, why would we trust these?
I think there are some interesting use cases for these things, and it's only for addons anyway. It's completely different from file://
comment:3 Changed 2 weeks ago by
| Keywords: | tbb-proxy-bypass added |
|---|
comment:4 Changed 8 days ago by
| Cc: | arthuredelstein added |
|---|
comment:5 Changed 8 days ago by
| Resolution: | → worksforme |
|---|---|
| Status: | new → closed |
I think we are good right now. There is no TCP/UDP Socket API available for WebExtensions yet (see: https://bugzilla.mozilla.org/show_bug.cgi?id=1247628) so, this risk is ruled out. You can register those protocols with protocol handlers (see: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/protocol_handlers) but that's a web based mechanism, so that should be fine (or it points back to your own extension code but then there is no TCP/UDP Socket API available).
That said: even if extensions which implemented/supported those protocols *would* bypass Tor then I think this would fall under our strong recommendation to not install third-party extensions as they can compromise your privacy/anonymity.
Not OP.
I think these protocols would just increase the surface of attack. We can't trust file:// in firefox, why would we trust these? Frankly I think this junk should be ripped from the tor-browser and removed.